CN101364876B - Method realizing public key acquiring, certificater verification and bidirectional identification of entity - Google Patents

Publication number
CN101364876B
Authority
CN
China
Prior art keywords
entity
public key
message
discriminating
party
Legal status
Active
Application number
CN2008101509511A
Other languages
Chinese (zh)
Other versions
CN101364876A (en)
Inventor
铁满霞
曹军
赖晓龙
黄振海
Current Assignee
China Iwncomm Co Ltd
Original Assignee
China Iwncomm Co Ltd
Application filed by China Iwncomm Co Ltd
Priority to CN2008101509511A
Publication of CN101364876A
Application granted
Publication of CN101364876B

Abstract

The invention relates to a method for realizing public key acquisition, certificate validation and authentication of an entity. The method comprises the following steps: (1) entity B transmits message 2 to entity A; (2) entity A transmits message 3 to a trusted third party TP after receiving message 2; (3) the trusted third party TP determines the response RepTA after receiving message 3; (4) the trusted third party TP returns message 4 to entity A; (5) entity A executes step (6) after receiving message 4 from the trusted third party TP; (6) entity A returns message 5 to entity B; and (7) entity B processes message 5 after receiving it from entity A and obtains the authentication result for entity A. The method fuses public key acquisition, certificate validation and entity authentication in one protocol, which helps improve the efficiency and effect of protocol execution and makes it easy to combine with various public key acquisition and public key certificate status query protocols. The method suits the user-access point-server network structure of an access network and meets the authentication requirements of the access network.

Description

A method for realizing public key acquisition, certificate validation and authentication of an entity
Technical field
The present invention relates to a method for realizing public key acquisition, certificate validation and authentication of an entity.
Background technology
In current computer and communication networks, before a user logs in to the network and communicates securely, entity authentication between the user and the network must be completed, either one-way or two-way. The authentication mechanisms in use generally fall into two classes: those based on symmetric key algorithms and those based on public key (asymmetric key) algorithms.
Authentication mechanisms based on public key algorithms and techniques require each participating entity to hold a key pair, that is, a public/private key pair, whose public key must be made known to the other participating entities. This can be done by out-of-band notification or by certificates; out-of-band notification is rarely used because it is hard to update, while certificates are widely used.
Entity authentication methods that use public key certificates generally rely on a public key infrastructure (PKI). A PKI is a general-purpose security infrastructure that uses public key concepts and techniques to implement and provide security services such as authentication, integrity and confidentiality. Two of its most important concepts are the public key certificate and the certification authority (CA). A public key certificate is normally issued by a CA, which provides the signature in the certificate; by signing, the CA confirms the binding between the certificate holder and the holder's public key.
A public key certificate confirmed by a CA normally has a lifetime, and it becomes invalid when the lifetime ends. If the private key corresponding to the certificate is leaked, the certificate also becomes invalid. Other circumstances can invalidate a certificate as well, for example a change of job.
In network communication, an entity taking part in authentication will normally refuse to set up secure communication with an entity that holds an invalid public key certificate, so public key acquisition and certificate validation usually surround the entity authentication process and serve it. In existing authentication mechanisms, before or during the run, the verifier must hold a valid public key of the claimant or know the status of the claimant's public key certificate; otherwise the authentication process may be compromised or may not complete successfully. As shown in Fig. 1, entity A and entity B need to complete authentication between them by running an authentication protocol, and the trusted third party TP (Trusted Third Party) is a third-party entity that both entity A and entity B trust. Before authentication, entity A and entity B must obtain the peer entity's valid public key or public key certificate status through the trusted third party TP.
The status of a public key certificate is currently obtained in one of two ways:
1) CRL: the status of a public key certificate is obtained by downloading a certificate revocation list (CRL), either as a full list or as an incremental list. When an entity needs to verify the status of a public key certificate, it downloads the latest CRL from a server and then checks whether the certificate to be verified is in that CRL.
2) Online query, for example the Online Certificate Status Protocol (OCSP). OCSP mainly involves two entities, a client and a server, and is a typical client/server structure. The client sends a request to the server and the server returns a response. The request contains the series of certificates to be verified, and the response contains the status and validity interval of those certificates.
Obtaining the peer entity's valid public key or public key certificate status in advance is a precondition that many application environments cannot satisfy. One example is an access network with the three-element structure of user, access point and server, which includes most communication networks. Such networks usually use an entity authentication mechanism to implement user access control, and the user is barred from the network until the mechanism completes successfully. Before authentication the user therefore cannot use methods such as a CRL or OCSP to verify the validity of the access point's certificate or to obtain the access point's valid public key. To complete authentication smoothly, the user can only verify after authentication has finished and network communication has been set up, as in IEEE 802.11i and in the Privacy Key Management (PKM) protocol of IEEE 802.16(e); that is, the access point's valid public key or public key certificate status is obtained after the fact. Whether the peer entity's valid public key or certificate status is obtained beforehand or afterwards, the authentication process and the process of obtaining the valid public key and certificate status are split into two independent processes. This does not help protocol efficiency, and in some application environments it can even introduce insecurity that affects the genuineness of the authentication.
In addition, in some applications it is also hard for the user to use a CRL, OCSP or similar methods during authentication. First, the user equipment may have limited storage, or the user may be unwilling to store a CRL at all, so periodic CRL downloads cannot be realized. The access network has no such resource limit, but it may face problems such as policy restrictions. Second, when the user uses an online query mechanism such as OCSP, the user has to run a separate protocol such as OCSP through a back-end server. These protocols usually run over HTTP and are application-layer protocols, so using them directly before access network authentication has completed is very complicated. Even where they can be used, they have to run over the user-server and access point-server structures, which does not match the user-access point-server structure, so they cannot be used directly and conveniently.
Summary of the invention
To solve the above technical problems in the background art, the present invention proposes a method that realizes public key acquisition, certificate validation and authentication of an entity as one.
The technical solution of the present invention is a method for realizing public key acquisition, certificate validation and authentication of an entity, characterized in that the method comprises the following steps:
1) Entity B sends message 2 to entity A; message 2 contains the random number R_B, the request ReqB and the optional text Text3;
2) On receiving message 2, entity A sends message 3 to the trusted third party TP; message 3 contains the identity ID_A, the request ReqAT and the optional text Text4;
3) On receiving message 3, the trusted third party TP determines the response RepTA and proceeds to step 4);
4) The trusted third party TP returns message 4 to entity A; message 4 contains the response RepTA and the optional text Text5;
5) On receiving message 4 from the trusted third party TP, entity A proceeds to step 6);
6) Entity A returns message 5 to entity B; message 5 contains the token TokenAB and the response RepB;
7) On receiving message 5 from entity A, entity B processes it and obtains the authentication result for entity A.
In step 3) above, the trusted third party TP determines the response RepTA as follows: according to the identity ID_A of entity A, it checks the validity of the public key certificate Cert_A, or looks up the valid public key of entity A by the entity distinguishing identifier A.
In step 7) above, entity B processes message 5 as follows:
7.1) Verify the response RepB according to the public key verification protocol or distribution protocol in use; if verification passes, proceed to step 7.2);
7.2) Obtain the public key of entity A or the status of its public key certificate, verify the signature of entity A contained in the token TokenAB, then check whether the random number R_B sent to entity A in step 1) is consistent with the random number R_B contained in the token TokenAB, and so obtain the authentication result for entity A. At this point entity B has completed one-way authentication of entity A.
The above method also includes, before step 1), a step 0): entity A sends message 1 to entity B; message 1 contains the random number R_A, the identity ID_A and the optional text Text1. Entity B executes step 1) after receiving message 1. In this case message 2 also contains the identity ID_B. In step 3), the trusted third party TP determines the response RepTA as follows: according to the identities ID_A and ID_B of entity A and entity B, it checks the validity of the public key certificates Cert_A and Cert_B, or looks up the valid public keys of entity A and entity B by the entity distinguishing identifiers A and B. In step 5), entity A processes message 4 as follows:
5.1) Verify the response RepTA according to the public key verification protocol or distribution protocol in use; if verification passes, proceed to step 5.2);
5.2) Obtain the public key of entity B or the status of its public key certificate and verify the signature of entity B contained in the token TokenBA; then check whether the identity field ID_A in the signed data of the token TokenBA is consistent with the identity of entity A, and whether the random number R_A sent to entity B in step 0) is consistent with the random number R_A contained in the token TokenBA, and so obtain the authentication result for entity B.
In step 7) above, entity B processes message 5 as follows:
7.1) Verify the response RepB according to the public key verification protocol or distribution protocol in use; if verification passes, proceed to step 7.2);
7.2) Obtain the public key of entity A or the status of its public key certificate and verify the signature of entity A contained in the token TokenAB; then check whether the identity field ID_B in the signed data of the token TokenAB is consistent with the identity field of entity B, and whether the random number R_B sent to entity A in step 1) is consistent with the random number R_B contained in the token TokenAB, and so obtain the authentication result for entity A.
ReqB and ReqAT above are the requests generated by entity B and entity A respectively, requesting information such as the peer entity's valid public key or the previous status of its public key certificate; RepTA and RepB above are the responses generated for the requests ReqAT and ReqB respectively.
The format and definition of ReqB, ReqAT, RepTA and RepB are determined by the specific public key verification protocol or distribution protocol in use, which may be the certificate status protocol (see GB/T 19713), the server-based certificate validation protocol (see IETF RFC 5055), or another public key distribution or verification protocol.
The present invention adopts a three-entity architecture. Before authentication, entity A and entity B need to obtain the public key or certificate of the trusted third party, and either obtain a user certificate issued to them by the trusted third party or hand their own public key over to the trusted third party; they need not know the peer entity's valid public key or public key certificate status in advance. The invention fuses public key acquisition, certificate validation and entity authentication into one protocol, which helps improve the efficiency and effect of protocol execution, makes it easy to combine with various public key acquisition and public key certificate status query protocols, suits the user-access point-server network structure of an access network, and meets the authentication requirements of the access network.
Description of drawings
Fig. 1 is a schematic diagram of how a prior-art authentication mechanism works;
Fig. 2 is a schematic diagram of the method of embodiment one of the invention;
Fig. 3 is a schematic diagram of the method of embodiment two of the invention;
Fig. 4 is a schematic diagram of the method of embodiment three of the invention.
Embodiment
The method of the present invention involves three security elements: two entities A and B and a trusted third party TP. Through the online trusted third party TP, authentication between entities A and B is completed and each obtains the peer entity's valid public key or public key certificate status.
Let entity X denote entity A or B. Then R_X denotes a random number generated by entity X; Cert_X is the public key certificate of entity X; ID_X is the identity of entity X, represented either by the certificate Cert_X or by the entity's distinguishing identifier X; ReqX denotes a request generated by entity X, requesting information such as the peer entity's valid public key or public key certificate status; ReqXT denotes a request generated by entity X, or forwarded by it, to the trusted third party TP; RepX denotes the response sent to entity X for ReqX, that is, a response to entity X carrying information such as the valid public key or public key certificate status of the entity it asked about; RepTX denotes the response generated by the trusted third party TP for ReqXT; Token is a token field; Text is an optional text field. The symbols are defined as follows:
ID_A = A or Cert_A
ID_B = B or Cert_B
The format of ReqB, ReqAT, RepTA and RepB is determined by the specific public key verification protocol or distribution protocol in use. These online public key verification or distribution protocols include the certificate status protocol (see GB/T 19713), the server-based certificate validation protocol (see IETF RFC 5055), and other public key distribution or verification protocols.
Referring to Fig. 2, the specific flow by which the invention realizes two-way authentication between entity A and entity B is as follows:
1) Entity A sends message 1 to entity B; message 1 contains the random number R_A, the identity ID_A and the optional text Text1;
2) On receiving message 1, entity B sends message 2 to entity A; message 2 contains the token TokenBA, the identity ID_B, the request ReqB and the optional text Text3, where TokenBA = R_A ‖ R_B ‖ ID_A ‖ sS_B(R_A ‖ R_B ‖ ID_B ‖ ID_A ‖ Text2);
3) On receiving message 2, entity A sends message 3 to the trusted third party TP; message 3 contains the request ReqAT and the optional text Text4, where ReqAT must include the content of ReqB;
4) On receiving message 3, the trusted third party TP, according to the identities ID_A and ID_B of entity A and entity B, checks the validity of the public key certificates Cert_A and Cert_B, or looks up the valid public keys of entity A and entity B by the entity distinguishing identifiers A and B, and determines the response RepTA, where RepTA must include the content of RepB; it then proceeds to step 5);
5) The trusted third party TP returns message 4 to entity A; message 4 contains the response RepTA and the optional text Text5;
6) On receiving message 4 from the trusted third party TP, entity A carries out the following steps:
6.1) Verify the response RepTA according to the public key verification protocol or distribution protocol in use; if verification passes, proceed to step 6.2);
6.2) Obtain the public key of entity B or the status of its public key certificate and verify the signature of entity B contained in the token TokenBA; then check whether the identity field ID_A in the signed data of the token TokenBA is consistent with the identity of entity A, and whether the random number R_A sent to entity B in step 1) is consistent with the random number R_A contained in the token TokenBA, and so obtain the authentication result for entity B;
7) Entity A returns message 5 to entity B; message 5 contains the token TokenAB and the response RepB, where TokenAB = Text7 ‖ sS_A(R_B ‖ ID_B ‖ Text6);
8) On receiving message 5 from entity A, entity B carries out the following steps:
8.1) Verify the response RepB according to the public key verification protocol or distribution protocol in use; if verification passes, proceed to step 8.2);
8.2) Obtain the public key of entity A or the status of its public key certificate and verify the signature of entity A contained in the token TokenAB; then check whether the identity field ID_B in the signed data of the token TokenAB is consistent with the identity field of entity B, and whether the random number R_B sent to entity A in step 2) is consistent with the random number R_B contained in the token TokenAB, and so obtain the authentication result for entity A. At this point, two-way authentication between entity A and entity B is complete.
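The two-way flow above (messages 1 to 5), as a runnable sketch added here for illustration; it is not code from the patent. Assumptions: the Req/Rep format (a TP-signed tuple of identity, public key and status), textbook RSA over Mersenne primes as an insecure toy stand-in for sS_X, empty optional Text fields, and every class and function name.

```python
import hashlib
import secrets

E = 65537  # public exponent for every toy key

def keygen(a, b):
    # Toy RSA key from the Mersenne primes 2**a-1 and 2**b-1. NOT secure.
    p, q = 2**a - 1, 2**b - 1
    return {"n": p * q, "d": pow(E, -1, (p - 1) * (q - 1))}

def _digest(n, fields):
    h = hashlib.sha256()
    for f in fields:  # length-prefix each field so X || Y is unambiguous
        h.update(len(f).to_bytes(4, "big") + f)
    return int.from_bytes(h.digest(), "big") % n

def sign(key, *fields):  # plays the role of sS_X(...)
    return pow(_digest(key["n"], fields), key["d"], key["n"])

def verify(n, sig, *fields):
    return pow(sig, E, n) == _digest(n, fields)

class TP:
    """Online trusted third party holding each entity's public key and status."""

    def __init__(self):
        self.key = keygen(521, 607)
        self.n = self.key["n"]
        self.db = {}  # ID_X -> [public modulus, status]

    def enroll(self, ident, n):
        self.db[ident] = [n, b"valid"]

    def revoke(self, ident):
        self.db[ident][1] = b"revoked"

    def _rep(self, ident):
        # Assumed response format: (ID_X, modulus, status, TP signature).
        n, st = self.db[ident]
        return (ident, n, st, sign(self.key, ident, str(n).encode(), st))

    def message4(self, req_at):
        id_a, id_b = req_at  # ReqAT includes the content of ReqB
        return {"about_B": self._rep(id_b), "RepB": self._rep(id_a)}  # RepTA

def peer_key(tp_n, rep, expected_id):
    """Steps 6.1 / 8.1: check the TP response; return the peer key only if valid."""
    ident, n, st, sig = rep
    ok = verify(tp_n, sig, ident, str(n).encode(), st)
    return n if ok and ident == expected_id and st == b"valid" else None

class Entity:
    def __init__(self, ident, bits, tp):
        self.id, self.key, self.tp_n = ident, keygen(*bits), tp.n
        tp.enroll(ident, self.key["n"])

    def message1(self):  # A -> B: R_A, ID_A
        self.r_a = secrets.token_bytes(16)
        return (self.r_a, self.id)

    def message2(self, msg1):  # B -> A: TokenBA, ID_B (ReqB is implicit here)
        r_a, self.peer_id = msg1
        self.r_b = secrets.token_bytes(16)
        sig = sign(self.key, r_a, self.r_b, self.id, self.peer_id)
        return ((r_a, self.r_b, self.peer_id, sig), self.id)

    def message3(self, msg2):  # A -> TP: ReqAT
        self.token_ba, self.peer_id = msg2
        return (self.id, self.peer_id)

    def message5(self, msg4):  # A: step 6, then A -> B: TokenAB, RepB
        r_a, r_b, id_a, sig = self.token_ba
        n_b = peer_key(self.tp_n, msg4["about_B"], self.peer_id)
        self.peer_ok = (n_b is not None
                        and verify(n_b, sig, r_a, r_b, self.peer_id, id_a)
                        and id_a == self.id and r_a == self.r_a)
        return (sign(self.key, r_b, self.peer_id), msg4["RepB"])

    def finish(self, msg5):  # B: step 8
        token_ab, rep_b = msg5
        n_a = peer_key(self.tp_n, rep_b, self.peer_id)
        # Recomputing over B's own R_B and ID_B is the nonce and identity check.
        return n_a is not None and verify(n_a, token_ab, self.r_b, self.id)

def run(a, b, tp, stale_msg5=None):
    """One protocol run; returns (A accepts B, B accepts A, message 5)."""
    msg2 = b.message2(a.message1())
    msg5 = a.message5(tp.message4(a.message3(msg2)))
    return a.peer_ok, b.finish(stale_msg5 or msg5), msg5

if __name__ == "__main__":
    tp = TP()
    a, b = Entity(b"A", (107, 127), tp), Entity(b"B", (61, 89), tp)
    print(run(a, b, tp)[:2])
```

Passing a message 5 captured from an earlier run as `stale_msg5` shows why B checks R_B: the old TokenAB was signed over a different nonce and is rejected. Calling `tp.revoke(b"B")` shows A rejecting B on certificate status alone, even though B's signature still verifies.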
Referring to Fig. 3, if only one-way authentication of entity B by entity A is to be realized, steps 7) and 8) of the two-way authentication process can be omitted, and some fields in messages 1 to 5 can also be omitted.
Referring to Fig. 4, if only one-way authentication of entity A by entity B is to be realized, step 1) of the two-way authentication process can be omitted, and some fields in messages 2 to 5 can also be omitted. The specific working process is as follows:
2) Entity B sends message 2 to entity A; message 2 contains the random number R_B, the request ReqB and the optional text Text3;
3) On receiving message 2, entity A sends message 3 to the trusted third party TP; message 3 contains the identity ID_A, the request ReqAT and the optional text Text4, where ReqAT equals ReqB;
4) On receiving message 3, the trusted third party TP, according to the identity ID_A of entity A, checks the validity of the public key certificate Cert_A, or looks up the valid public key of entity A by the entity distinguishing identifier A, and determines the response RepTA, where RepTA equals RepB; it then proceeds to step 5);
5) The trusted third party TP returns message 4 to entity A; message 4 contains the response RepTA and the optional text Text5;
6) On receiving message 4 from the trusted third party TP, entity A proceeds to step 7);
7) Entity A returns message 5 to entity B; message 5 contains the token TokenAB and the response RepB, where TokenAB = Text7 ‖ sS_A(R_B ‖ Text6);
8) On receiving message 5 from entity A, entity B carries out the following steps:
8.1) Verify the response RepB according to the public key verification protocol or distribution protocol in use; if verification passes, proceed to step 8.2);
8.2) Obtain the public key of entity A or the status of its public key certificate, verify the signature of entity A contained in the token TokenAB, then check whether the random number R_B sent to entity A in step 2) is consistent with the random number R_B contained in the token TokenAB, and so obtain the authentication result for entity A. At this point entity B has completed one-way authentication of entity A.

Claims (12)

1. A method for realizing public key acquisition, certificate validation and authentication of an entity, characterized in that the method comprises the following steps:
1) Entity B sends message 2 to entity A; message 2 contains the random number R_B, the request ReqB and the optional text Text3;
2) On receiving message 2, entity A sends message 3 to the trusted third party TP; message 3 contains the identity ID_A, the request ReqAT and the optional text Text4;
3) On receiving message 3, the trusted third party TP determines the response RepTA and proceeds to step 4);
4) The trusted third party TP returns message 4 to entity A; message 4 contains the response RepTA and the optional text Text5;
5) On receiving message 4 from the trusted third party TP, entity A proceeds to step 6);
6) Entity A returns message 5 to entity B; message 5 contains the token TokenAB and the response RepB;
7) On receiving message 5 from entity A, entity B processes it and obtains the authentication result for entity A.
2. The method for realizing public key acquisition, certificate validation and authentication of an entity according to claim 1, characterized in that in step 3) the trusted third party TP determines the response RepTA as follows: according to the identity ID_A of entity A, it checks the validity of the public key certificate Cert_A, or looks up the valid public key of entity A by the entity distinguishing identifier A.
3. The method for realizing public key acquisition, certificate validation and authentication of an entity according to claim 2, characterized in that in step 7) entity B processes message 5 as follows:
7.1) Verify the response RepB according to the public key verification protocol or distribution protocol in use; if verification passes, proceed to step 7.2);
7.2) Obtain the public key of entity A or the status of its public key certificate, verify the signature of entity A contained in the token TokenAB, then check whether the random number R_B sent to entity A in step 1) is consistent with the random number R_B contained in the token TokenAB, and so obtain the authentication result for entity A.
4. The method for realizing public key acquisition, certificate validation and authentication of an entity according to claim 1, characterized in that the method also includes, before step 1), a step 0): entity A sends message 1 to entity B; message 1 contains the random number R_A, the identity ID_A and the optional text Text1; entity B executes step 1) after receiving message 1.
5. The method for realizing public key acquisition, certificate validation and authentication of an entity according to claim 4, characterized in that message 2 also contains the identity ID_B.
6. The method for realizing public key acquisition, certificate validation and authentication of an entity according to claim 5, characterized in that in step 3) the trusted third party TP determines the response RepTA as follows: according to the identities ID_A and ID_B of entity A and entity B, it checks the validity of the public key certificates Cert_A and Cert_B, or looks up the valid public keys of entity A and entity B by the entity distinguishing identifiers A and B.
7. The method for realizing public key acquisition, certificate validation and authentication of an entity according to claim 6, characterized in that in step 5) entity A processes message 4 as follows:
5.1) Verify the response RepTA according to the public key verification protocol or distribution protocol in use; if verification passes, proceed to step 5.2);
5.2) Obtain the public key of entity B or the status of its public key certificate and verify the signature of entity B contained in the token TokenBA; then check whether the identity field ID_A in the signed data of the token TokenBA is consistent with the identity of entity A, and whether the random number R_A sent to entity B in step 0) is consistent with the random number R_A contained in the token TokenBA, and so obtain the authentication result for entity B.
8. The method for realizing public key acquisition, certificate validation and authentication of an entity according to claim 7, characterized in that in step 7) entity B processes message 5 as follows:
7.1) Verify the response RepB according to the public key verification protocol or distribution protocol in use; if verification passes, proceed to step 7.2);
7.2) Obtain the public key of entity A or the status of its public key certificate, verify the signature of entity A contained in the token TokenAB, then check whether the identity field ID_B in the signed data of the token TokenAB is consistent with the identity field of entity B, and whether the random number R_B sent to entity A in step 1) is consistent with the random number R_B contained in the token TokenAB, and so obtain the authentication result for entity A.
9. The method for realizing public key acquisition, certificate validation and authentication of an entity according to any one of claims 1 to 8, characterized in that ReqB and ReqAT are the requests generated by entity B and entity A respectively, requesting the peer entity's valid public key or the previous status information of its public key certificate; RepTA and RepB are the responses generated for the requests ReqAT and ReqB respectively.
10. The method for realizing public key acquisition, certificate validation and authentication of an entity according to claim 9, characterized in that the format and definition of ReqB, ReqAT, RepTA and RepB are determined by the specific public key verification protocol or distribution protocol in use, and the public key verification protocol or distribution protocol is the certificate status protocol or the server-based certificate validation protocol.
11. The method for realizing public key acquisition, certificate validation and authentication of an entity according to any one of claims 1 to 3, characterized in that ReqAT equals ReqB and RepTA equals RepB.
12. The method for realizing public key acquisition, certificate validation and authentication of an entity according to any one of claims 4 to 8, characterized in that ReqAT includes the content of ReqB and RepTA includes the content of RepB.
CN2008101509511A 2008-09-12 2008-09-12 Method realizing public key acquiring, certificater verification and bidirectional identification of entity Active CN101364876B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN2008101509511A CN101364876B (en) 2008-09-12 2008-09-12 Method realizing public key acquiring, certificater verification and bidirectional identification of entity

Publications (2)

Publication Number Publication Date
CN101364876A CN101364876A (en) 2009-02-11
CN101364876B CN101364876B (en) 2011-07-06

Family

ID=40391055

Family Applications (1)

Application Number Title Priority Date Filing Date
CN2008101509511A Active CN101364876B (en) 2008-09-12 2008-09-12 Method realizing public key acquiring, certificater verification and bidirectional identification of entity

Country Status (1)

Country Link
CN (1) CN101364876B (en)

Families Citing this family (18)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101640593B (en) 2009-08-28 2011-11-02 西安西电捷通无线网络通信股份有限公司 Entity two-way identification method of introducing the online third party
CN101645776B (en) * 2009-08-28 2011-09-21 西安西电捷通无线网络通信股份有限公司 Method for distinguishing entities introducing on-line third party
CN101635624B (en) * 2009-09-02 2011-06-01 西安西电捷通无线网络通信股份有限公司 Method for authenticating entities by introducing online trusted third party
CN101674182B (en) 2009-09-30 2011-07-06 西安西电捷通无线网络通信股份有限公司 Entity public key acquisition and certificate verification and authentication method and system of introducing online trusted third party
WO2011075907A1 (en) * 2009-12-25 2011-06-30 西安西电捷通无线网络通信股份有限公司 Method for implementing public key acquirement, certificate validation and bi-directional authentication of entities
WO2011075906A1 (en) * 2009-12-25 2011-06-30 西安西电捷通无线网络通信股份有限公司 Method for achieving public key acquisition, certificate validation and authentication of entity
CN102014386B (en) 2010-10-15 2012-05-09 西安西电捷通无线网络通信股份有限公司 Entity authentication method and system based on symmetrical code algorithm
CN101997688B (en) 2010-11-12 2013-02-06 西安西电捷通无线网络通信股份有限公司 Method and system for identifying anonymous entity
CN101984577B (en) 2010-11-12 2013-05-01 西安西电捷通无线网络通信股份有限公司 Method and system for indentifying anonymous entities
CN102045716B (en) * 2010-12-06 2012-11-28 西安西电捷通无线网络通信股份有限公司 Method and system for safe configuration of station (STA) in wireless local area network (WLAN)
CN103297464B (en) * 2012-02-29 2016-03-30 华为技术有限公司 The acquisition methods of programme information and device
CN103312670A (en) 2012-03-12 2013-09-18 西安西电捷通无线网络通信股份有限公司 Authentication method and system
CN103312499B (en) 2012-03-12 2018-07-03 西安西电捷通无线网络通信股份有限公司 A kind of identity identifying method and system
CN104954130B (en) 2014-03-31 2019-08-20 西安西电捷通无线网络通信股份有限公司 A kind of method for authenticating entities and device
CN106571919B (en) * 2015-10-10 2019-10-29 西安西电捷通无线网络通信股份有限公司 A kind of entity identities validation verification method and device thereof
CN106572064B (en) * 2015-10-10 2019-10-29 西安西电捷通无线网络通信股份有限公司 A kind of entity identities validation verification method and device that more TTP are participated in
CN107104799B (en) * 2016-02-22 2021-04-16 西门子公司 Method and device for creating certificate test library
GB2569130B (en) 2017-12-05 2020-11-04 Ali Musallam Ibrahim Method and system for sharing an item of media content

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1929380A (en) * 2006-09-23 2007-03-14 西安西电捷通无线网络通信有限公司 Public key certificate state obtaining and verification method

Also Published As

Publication number Publication date
CN101364876A (en) 2009-02-11

Similar Documents

Publication Publication Date Title
CN101364876B (en) Method realizing public key acquiring, certificater verification and bidirectional identification of entity
CN101364875B (en) Method realizing public key acquiring, certificater verification and bidirectional identification of entity
CN101674182B (en) Entity public key acquisition and certificate verification and authentication method and system of introducing online trusted third party
US8510565B2 (en) Bidirectional entity authentication method based on the credible third party
US8417955B2 (en) Entity bidirectional authentication method and system
KR101459802B1 (en) Authentication delegation based on re-verification of cryptographic evidence
US7020778B1 (en) Method for issuing an electronic identity
EP2039050B1 (en) Method and arrangement for authentication procedures in a communication network
JP5468137B2 (en) Entity two-way authentication method introducing online third party device
EP2214429A1 (en) Entity bi-directional identificator method and system based on trustable third party
CN101635624B (en) Method for authenticating entities by introducing online trusted third party
US8763100B2 (en) Entity authentication method with introduction of online third party
KR100853182B1 (en) Symmetric key-based authentication method and apparatus in multi domains
CN104836662A (en) Unified identity authentication system
Mumtaz et al. Strong authentication protocol based on Java Crypto chips
Haj Hussein Double SSO–A Prudent and Lightweight SSO Scheme
WO2011075907A1 (en) Method for implementing public key acquirement, certificate validation and bi-directional authentication of entities

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
EE01 Entry into force of recordation of patent licensing contract

Application publication date: 20090211

Assignee: BEIJING ZHIXIANG TECHNOLOGY Co.,Ltd.

Assignor: CHINA IWNCOMM Co.,Ltd.

Contract record no.: 2016610000049

Denomination of invention: Method realizing public key acquiring, certificater verification and bidirectional identification of entity

Granted publication date: 20110706

License type: Common License

Record date: 20161117

LICC Enforcement, change and cancellation of record of contracts on the licence for exploitation of a patent or utility model
EE01 Entry into force of recordation of patent licensing contract

Application publication date: 20090211

Assignee: BEIJING FENGHUO LIANTUO TECHNOLOGY Co.,Ltd.

Assignor: CHINA IWNCOMM Co.,Ltd.

Contract record no.: 2017610000001

Denomination of invention: Method realizing public key acquiring, certificater verification and bidirectional identification of entity

Granted publication date: 20110706

License type: Common License

Record date: 20170106

LICC Enforcement, change and cancellation of record of contracts on the licence for exploitation of a patent or utility model
EE01 Entry into force of recordation of patent licensing contract
EE01 Entry into force of recordation of patent licensing contract

Application publication date: 20090211

Assignee: SHANGHAI YU FLY MILKY WAY SCIENCE AND TECHNOLOGY CO.,LTD.

Assignor: CHINA IWNCOMM Co.,Ltd.

Contract record no.: 2017610000005

Denomination of invention: Method realizing public key acquiring, certificater verification and bidirectional identification of entity

Granted publication date: 20110706

License type: Common License

Record date: 20170317

EE01 Entry into force of recordation of patent licensing contract
EE01 Entry into force of recordation of patent licensing contract

Application publication date: 20090211

Assignee: Beijing next Technology Co.,Ltd.

Assignor: CHINA IWNCOMM Co.,Ltd.

Contract record no.: 2017610000014

Denomination of invention: Method realizing public key acquiring, certificater verification and bidirectional identification of entity

Granted publication date: 20110706

License type: Common License

Record date: 20170601

EE01 Entry into force of recordation of patent licensing contract
EE01 Entry into force of recordation of patent licensing contract

Application publication date: 20090211

Assignee: HYTERA COMMUNICATIONS Corp.,Ltd.

Assignor: CHINA IWNCOMM Co.,Ltd.

Contract record no.: 2017610000015

Denomination of invention: Method realizing public key acquiring, certificater verification and bidirectional identification of entity

Granted publication date: 20110706

License type: Common License

Record date: 20170602

EE01 Entry into force of recordation of patent licensing contract

Application publication date: 20090211

Assignee: Beijing Hua Xinaotian network technology Co.,Ltd.

Assignor: CHINA IWNCOMM Co.,Ltd.

Contract record no.: 2017610000028

Denomination of invention: Method realizing public key acquiring, certificater verification and bidirectional identification of entity

Granted publication date: 20110706

License type: Common License

Record date: 20171122

EE01 Entry into force of recordation of patent licensing contract
EE01 Entry into force of recordation of patent licensing contract

Application publication date: 20090211

Assignee: ALPINE ELECTRONICS, Inc.

Assignor: CHINA IWNCOMM Co.,Ltd.

Contract record no.: 2017990000497

Denomination of invention: Method realizing public key acquiring, certificater verification and bidirectional identification of entity

Granted publication date: 20110706

License type: Common License

Record date: 20171222

EE01 Entry into force of recordation of patent licensing contract
EE01 Entry into force of recordation of patent licensing contract

Application publication date: 20090211

Assignee: SHENZHEN RAKWIRELESS TECHNOLOGY CO.,LTD.

Assignor: CHINA IWNCOMM Co.,Ltd.

Contract record no.: 2018610000006

Denomination of invention: Method realizing public key acquiring, certificater verification and bidirectional identification of entity

Granted publication date: 20110706

License type: Common License

Record date: 20180226

EE01 Entry into force of recordation of patent licensing contract
EE01 Entry into force of recordation of patent licensing contract
EE01 Entry into force of recordation of patent licensing contract

Application publication date: 20090211

Assignee: SHENZHEN M&W SMART CARD CO.,LTD.

Assignor: CHINA IWNCOMM Co.,Ltd.

Contract record no.: 2018610000008

Denomination of invention: Method realizing public key acquiring, certificater verification and bidirectional identification of entity

Granted publication date: 20110706

License type: Common License

Record date: 20180319

EE01 Entry into force of recordation of patent licensing contract

Application publication date: 20090211

Assignee: SHENZHEN M&W SMART CARD CO.,LTD.

Assignor: CHINA IWNCOMM Co.,Ltd.

Contract record no.: 2018610000010

Denomination of invention: Method realizing public key acquiring, certificater verification and bidirectional identification of entity

Granted publication date: 20110706

License type: Common License

Record date: 20180322

Application publication date: 20090211

Assignee: SHENZHEN M&W SMART CARD CO.,LTD.

Assignor: CHINA IWNCOMM Co.,Ltd.

Contract record no.: 2018610000009

Denomination of invention: Method realizing public key acquiring, certificater verification and bidirectional identification of entity

Granted publication date: 20110706

License type: Common License

Record date: 20180320

EE01 Entry into force of recordation of patent licensing contract
EE01 Entry into force of recordation of patent licensing contract

Application publication date: 20090211

Assignee: BLACKSHARK TECHNOLOGIES (NANCHANG) Co.,Ltd.

Assignor: CHINA IWNCOMM Co.,Ltd.

Contract record no.: 2018610000012

Denomination of invention: Method realizing public key acquiring, certificater verification and bidirectional identification of entity

Granted publication date: 20110706

License type: Common License

Record date: 20180404

EE01 Entry into force of recordation of patent licensing contract
EE01 Entry into force of recordation of patent licensing contract

Application publication date: 20090211

Assignee: Sony Mobile Communications AB

Assignor: CHINA IWNCOMM Co.,Ltd.

Contract record no.: 2018990000306

Denomination of invention: Method realizing public key acquiring, certificater verification and bidirectional identification of entity

Granted publication date: 20110706

License type: Common License

Record date: 20181123

EE01 Entry into force of recordation of patent licensing contract
EE01 Entry into force of recordation of patent licensing contract
EE01 Entry into force of recordation of patent licensing contract

Application publication date: 20090211

Assignee: SHENZHEN UCLOUDLINK NEW TECHNOLOGY Co.,Ltd.

Assignor: CHINA IWNCOMM Co.,Ltd.

Contract record no.: X2019610000002

Denomination of invention: Method realizing public key acquiring, certificater verification and bidirectional identification of entity

Granted publication date: 20110706

License type: Common License

Record date: 20191010

EE01 Entry into force of recordation of patent licensing contract

Application publication date: 20090211

Assignee: HANGZHOU STRONG EDUCATION TECHNOLOGY Co.,Ltd.

Assignor: China IWNCOMM Co.,Ltd.

Contract record no.: X2021610000001

Denomination of invention: A method of public key acquisition, certificate verification and authentication of entity

Granted publication date: 20110706

License type: Common License

Record date: 20210125

EE01 Entry into force of recordation of patent licensing contract
EE01 Entry into force of recordation of patent licensing contract

Application publication date: 20090211

Assignee: EKC communication technology (Shenzhen) Co.,Ltd.

Assignor: China IWNCOMM Co.,Ltd.

Contract record no.: X2021610000008

Denomination of invention: A method of public key acquisition, certificate verification and authentication of entity

Granted publication date: 20110706

License type: Common License

Record date: 20210705

EE01 Entry into force of recordation of patent licensing contract
EE01 Entry into force of recordation of patent licensing contract
EE01 Entry into force of recordation of patent licensing contract

Application publication date: 20090211

Assignee: Guangzhou nengchuang Information Technology Co.,Ltd.

Assignor: CHINA IWNCOMM Co.,Ltd.

Contract record no.: X2021610000011

Denomination of invention: A method for obtaining public key, certificate verification and authentication of entities

Granted publication date: 20110706

License type: Common License

Record date: 20211104

Application publication date: 20090211

Assignee: Xinruiya Technology (Beijing) Co.,Ltd.

Assignor: CHINA IWNCOMM Co.,Ltd.

Contract record no.: X2021610000012

Denomination of invention: A method for obtaining public key, certificate verification and authentication of entities

Granted publication date: 20110706

License type: Common License

Record date: 20211104

EE01 Entry into force of recordation of patent licensing contract
EE01 Entry into force of recordation of patent licensing contract

Application publication date: 20090211

Assignee: SHENZHEN ZHIKAI TECHNOLOGY Co.,Ltd.

Assignor: CHINA IWNCOMM Co.,Ltd.

Contract record no.: X2022610000005

Denomination of invention: A method of public key acquisition, certificate verification and authentication for entities

Granted publication date: 20110706

License type: Common License

Record date: 20220531

EE01 Entry into force of recordation of patent licensing contract

Application publication date: 20090211

Assignee: HISCENE INFORMATION TECHNOLOGY Co.,Ltd.

Assignor: CHINA IWNCOMM Co.,Ltd.

Contract record no.: X2023610000003

Denomination of invention: A method to realize entity's public key acquisition, certificate verification and authentication

Granted publication date: 20110706

License type: Common License

Record date: 20230207

EE01 Entry into force of recordation of patent licensing contract
EE01 Entry into force of recordation of patent licensing contract
EE01 Entry into force of recordation of patent licensing contract

Application publication date: 20090211

Assignee: Beijing baicaibang Technology Co.,Ltd.

Assignor: CHINA IWNCOMM Co.,Ltd.

Contract record no.: X2023610000005

Denomination of invention: A Method for Realizing Entity's Public Key Acquisition, Certificate Verification, and Authentication

Granted publication date: 20110706

License type: Common License

Record date: 20230329

EE01 Entry into force of recordation of patent licensing contract
EE01 Entry into force of recordation of patent licensing contract

Application publication date: 20090211

Assignee: Shenzhen wisky Technology Co.,Ltd.

Assignor: CHINA IWNCOMM Co.,Ltd.

Contract record no.: X2023610000008

Denomination of invention: A Method for Realizing Entity's Public Key Acquisition, Certificate Verification, and Authentication

Granted publication date: 20110706

License type: Common License

Record date: 20230522

EE01 Entry into force of recordation of patent licensing contract
EE01 Entry into force of recordation of patent licensing contract

Application publication date: 20090211

Assignee: Beijing Digital Technology (Shanghai) Co.,Ltd.

Assignor: CHINA IWNCOMM Co.,Ltd.

Contract record no.: X2023610000012

Denomination of invention: A method for obtaining public keys, verifying certificates, and authenticating entities

Granted publication date: 20110706

License type: Common License

Record date: 20231114